Cisco releases Updates for ASA, ACE, VPN

Cisco yesterday released updates for vulnerabilities in its ASA and CATALYST line, its ACE appliances and its AnyConnect VPN client. The most severe vulnerability with a CVSS score of 9.3 is found in the AnyConnect VPN client. The vulnerability in the WebLaunch software update mechanism component allows the attacker to deploy arbitrary code on the target machine. The attacker needs to setup a malicious webpage and lure the target to the malicious webpage in order to trigger the download.